Controlling the downloading and recording of digital data

ABSTRACT

A method and apparatus for enabling a licensed end user to record digital data as described is particularly useful to the music industry as it enables them to make audio data available over the internet but to retain control of the uses to which that audio data can be put. Thus, upon completing a financial transaction to pay for the required audio tracks, the end user is enabled to download and decrypt encrypted music tracks and to play them on the end user&#39;s personal computer. The end user can also be allowed to burn a CD including the downloaded music tracks. However, the end user is only enabled to decrypt and record the music tracks onto the CD if the music tracks are recorded together with copy protection.

[0001] The present invention relates to a method and apparatus forenabling a licensed end user to obtain and/or record digital data, butwith the use of that digital data being controlled. The invention alsoextends to copy protected data carriers and to application files forenabling their protection.

[0002] Techniques exist which enable a consumer to download digitaldata, such as audio data, over the internet after they have paid for thedata files concerned. The music industry, for example, would like tomake its music available to consumers in this manner, and appreciatesthat the consumer may well wish to do more than store the downloadedmusic in a personal computer. If the consumer can record the downloadedmusic onto a recordable compact disc (CD-R), he will then have a digitalaudio compact disc (CD-DA) carrying a compilation of downloaded tracksfor use, for example, in home hi-fi apparatus, in an audio playerprovided in a car, and/or in a portable audio player. The technology toenable a consumer to make such a CD, namely a CD recorder or burner, isnow commercially available.

[0003] Of course, there is a real danger that consumers will use theavailable technology not just to make individual CDs for personal use,but to make a number of copy CDs for distribution.

[0004] The present invention arises out of the need to address theseproblems and proposes a method and apparatus for enabling a licensed enduser to record downloaded digital data in which method the number ofdata carriers, such as optical discs, which the licensed end user canmake is controlled, and in which the recorded data carriers areprotected against copying.

[0005] According to a first aspect of the present invention there isprovided a method of enabling a licensed end user to record digitaldata, the method comprising the steps of providing, at the request of alicensed end user, digital data in encrypted form, and enabling thelicensed end user to record the decrypted digital data onto a datacarrier, the method further comprising the step of requiring that thedecrypted digital data can only be recorded onto the data carriertogether with means which provide copy protection for the decrypteddigital data.

[0006] With embodiments of a method of the invention, the licenceobtained by the end user determines the manner in which the decryptedaudio data can be recorded. First of all, the method requires that anyrecordings which are made are provided with copy protection of therecorded digital data. Additionally and/or alternatively, the licencecontrols the number of times that the downloaded digital data can berecorded onto an individual data carrier.

[0007] Preferably, the method comprises the further step of enabling thelicensed end user to decrypt and play the digital data provided. Thisenables the end user, for example, to play the music and other digitaldata downloaded using the computer by which the download was performed.

[0008] In a preferred embodiment of a method of the invention, themethod comprises the step of licensing the end user upon the completionof a financial transaction between the end user and a supplier ofdigital data to decrypt and play the digital data provided.

[0009] The licensing arrangements can be arranged such that the end useris enabled both to play downloaded digital data and to make apredetermined number of recordings thereof. Alternatively, it would bepossible to enable either for the playing of the downloaded digital databy the end user or to enable recording onto a data carrier, for example,by a burner or other recorder associated with the end user.

[0010] In a preferred embodiment, the method comprises the step oflicensing the end user upon the completion of a financial transactionbetween the end user and a supplier of digital data to record thedecrypted data, in copy protected form, onto a number of data carriers.

[0011] For example, the end user may only be enabled to record thedecrypted data, in copy protected form, onto a single data carrier.

[0012] At present, recordable CDs (CD-R and CD-RW), and apparatus forrecording such CDs, often known as burners, are commonly andcommercially available. In addition, copy protection techniques, whichhave been proposed for copy protecting audio data on CDs, have beenfound to be suitable for application to a CD during its burning byavailable CD recorders. Thus, methods of the present invention can beimmediately implemented to control the downloading and recording ofaudio data onto CDs.

[0013] However, it will be appreciated that the invention is notrestricted to use with audio data and that the invention can similarlybe used to control the downloading of, and recording of images, video,and other data. It is expected, for example, that DVD recorders for homeuse will become widely available in the near future. Accordingly, thisinvention is not restricted to the control of audio data and to thecontrol of the recording of audio data on CDs, although techniques forthese applications are exemplified herein.

[0014] In the description and claims of this specification wedistinguish between the “playing” of digital data obtained and the“extracting” of that data. Thus, the term “playing” refers to renderingthe digital data into analog form. A player or drive arranged orcontrolled to play the digital data, therefore, is referred to as a“player”. Such players will include, therefore, commercially availableCD music players which function solely to play the music or other audioon a CD and video players which similarly play the video recorded on aDVD. It is clearly required that any copy protection added onto the datacarrier does not generally impinge on, or effect the normal operation ofa player of the digital data.

[0015] The copy protection to be added to a data carrier is to prevent“ripping”, that is, to prevent acts of extracting and storing digitaldata so that the data can be copied. In this respect, “ripping” may beundertaken on drives in computers, and on other devices, such as someplayers, which can be controlled to extract and store the digital data.In the description and claims of this specification, the term “datareader” is used to refer to all players and drives which can be arrangedor controlled to extract the data on a data carrier and thus used for“ripping”. Thus data readers will include, for example, CD-ROM driveswhen configured or controlled to extract or rip data from the CD-ROM. Inthe practice of this invention it may be required to enable a CD-ROMdrive, for example, to play downloaded digital data such as audio orvideo, but to prevent that same CD-ROM drive from being used to make acopy of the digital data on the optical disc unless the end user islicensed.

[0016] In preferred embodiments of the invention, the means recordedonto the data carrier to provide copy protection for the decrypteddigital data comprises a digital signature and a verification routinerequiring access to the digital signature.

[0017] In this respect, techniques utilising a digital signature toprovide copy protection are well known. One example is described, forexample, in U.S. Pat. No. 6,353,890 in which access control informationis carried on the data carrier. If the presence of the access controlinformation is detected, data carried on the data carrier can bedecrypted by use of a key incorporated within the access controlinformation, or digital signature.

[0018] Additionally and/or alternatively, to record means onto the datacarrier to provide copy protection for the decrypted digital data, themethod comprises encoding incorrect and/or inaccurate control data ontothe data carrier, the control data which is incorrect and/or inaccuratebeing usuable by a reader of the digital data.

[0019] For example, the incorrect control data encoded onto the datacarrier is either inaccessible to, not generally read, or is generallyignored during playing of the digital data.

[0020] Techniques involving the encoding of incorrect and/or inaccuratecontrol data onto a CD for protecting digital audio data, for example,are described in WO 00/74053, WO 01/61695, and WO 01/61696.

[0021] In these prior specifications, incorrect data may, for example,falsely identify the position on the disc of the Lead Out, mayeffectively hide the fact that the disc contains multiple sessions,and/or may identify audio incorrectly as data. The data in the Table ofContents (TOC) may be rendered incorrect. Additionally and/oralternatively, navigation and/or timing data may be rendered incorrectand/or control data representative of the structure of the data on thedisc may be rendered incorrectly.

[0022] Preferably, the digital data to be recorded onto the data carrierhas been downloaded by way of the internet.

[0023] As earlier set out, the present invention is applicable to alltypes of digital data, and, for example, the digital data may be audiodata, video, images and/or application files. The data carrier maybe amagnetic disc or an optical disc, and the optical disc may be a CD or aDVD, for example.

[0024] A method for an embodiment of the invention, enabling a licensedend user to obtain and record digital data may further compriseproviding digital data required by the end user after its encryptionutilising a key generated by and stored by the end user, completing afinancial transaction between the end user and the supplier of thedigital data to licence the end user to obtain the digital data, andindicating the completion of the financial transaction whereby the enduser is enabled to obtain and decrypt the encrypted digital datautilising the key stored by the end user.

[0025] In an embodiment of a method enabling a licensed end user toobtain and record digital data, the method further comprises storing theencrypted digital data at the end user with information identifying thelicensed rights obtained by the financial transaction, and, where thelicensed rights include a right to record the digital data, generating arequest to obtain a further key enabling recording of the decrypteddigital data.

[0026] In a preferred embodiment, the further key is caused to expireonce the licensed recording of the digital data has been undertaken.

[0027] This expiry of the further key causes the licensed facility torecord the digital data to be withdrawn.

[0028] The present invention also extends to apparatus for enabling alicensed end user to record digital data, said apparatus comprisingprocessing means arranged to receive digital data in encrypted form andto decrypt the received digital data, and recording means for recordingthe decrypted digital data onto a data carrier, the apparatus furthercomprising means constraining the recording means to record thedecrypted digital data onto a data carrier together with meansprotecting the digital data against copying.

[0029] In an embodiment, the apparatus further comprises a player forplaying the decrypted digital data.

[0030] In one arrangement, the processing means is incorporated into anend user apparatus, and said end user apparatus also incorporates amedia player able to play the decrypted digital data.

[0031] In an embodiment, the apparatus may comprise an end user, forexample, in the form of a personal computer, incorporating saidprocessing means and said recording means.

[0032] In an alternative embodiment, the recording means is provided ina recording apparatus which also comprises decryption means fordecrypting the digital data, the recording apparatus further comprisingcommunication means arranged to receive external information enabled tocontrol said decryption means.

[0033] The recording apparatus may further comprise copy protectionmeans for encoding and recording copy protection information onto a datacarrier.

[0034] It will be appreciated that the individual elements which make upapparatus of the invention may be configured in software, or inhardware, or in some combination thereof. Furthermore, the individualelements may be provided by elements of a computer, by elements of arecording apparatus, and/or by elements of each. Additionally and/oralternatively, a separate dedicated recording and copy protectingapparatus, including some or all of the elements, may be provided.

[0035] In one implementation, the end user will be formed by a personalcomputer arranged to communicate with the internet. The processing meansof the computer may be used to undertake the decryption of the digitaldata received and/or to control the recording apparatus. If required,the recording apparatus may additionally be provided with processingmeans, for example.

[0036] The present invention also extends to a data carrier carryingcopy protected digital data which has been recorded thereon by a methodand/or apparatus as defined above.

[0037] According to a further aspect of the present invention there isprovided an executable application file arranged to cause operation ofan apparatus to record digital data as defined.

[0038] The invention also extends to an executable application filearranged to cause an end user device to record digital data onto a datacarrier, the application file comprising:

[0039] an instruction to retain a key which has been used to encryptdigital data,

[0040] an instruction to obtain a further key to enable recording of thedigital data,

[0041] an instruction to decrypt the digital data using the retainedencryption key, and

[0042] an instruction responsive to the receipt of the further key tocause recording of the decrypted digital data with the addition of copyprotection for the digital data.

[0043] Preferably, the executable application file further comprises aninstruction to access a catalogue for a database containing digital datafiles, and an instruction to generate a key for each digital data fileselected.

[0044] In an embodiment, the instruction to generate a key is dependentupon the completion of a financial transaction between the end user anda controller of the database of digital data.

[0045] According to a further aspect of the invention, there is provideda method of enabling a licensed end user to record digital data, themethod comprising the steps of:

[0046] licensing the end user upon completion of a financial transactionbetween the end user and a supplier of digital data to have agreedrights over selected digital data,

[0047] enabling the licensed end user to obtain the selected digitaldata and to use the selected digital data in accordance with thelicensed rights, and

[0048] enabling recording by the end user of the selected digital dataonto a data carrier,

[0049] wherein the selected digital data is made available in encryptedform and the end user is enabled to decrypt the selected digital datafor licensed use and licensed recording.

[0050] Preferably, the method further comprises enabling the licensedend user to download the selected digital data over the internet.

[0051] In an embodiment, the method further comprises providing theselected digital data after its encryption by a key generated by andstored by the end user, the end user being enabled to decrypt theencrypted digital data using the key stored by the end user.

[0052] Preferably, the selected digital data is stored at the end userwith information identifying the licensed rights obtained by thefinancial transaction, and, where the licensed rights include a right torecord the selected digital data, the method further comprisesgenerating a request to obtain a further key enabling recording of theselected digital data.

[0053] In a preferred embodiment, the method further comprises the stepof requiring that the selected digital data can only be recorded ontothe data carrier together with means which provide copy protection forthe selected digital data.

[0054] The present invention also extends to apparatus for enabling alicensed end user to record selected digital data, said apparatuscomprising processing means arranged to communicate with a financialserver whereby a financial transaction can be completed to obtain forthe end user rights over selected digital data, the processing meansbeing arranged upon completion of the financial transaction to obtainthe selected digital data and to use the selected digital data inaccordance with the licensed rights, and the apparatus furthercomprising recording means for recording the selected digital data ontoa data carrier, wherein the selected digital data is made available inencrypted form and the processing means is enabled to decrypt theselected digital data for licensed use and for licensed recording.

[0055] Preferably, the processing means is enabled to download theselected digital data over the internet.

[0056] According to a further aspect of the present invention there isprovided an executable application file arranged to enable an end userdevice to record digital data onto a data carrier, the application filecomprising:

[0057] an instruction to complete a financial transaction with an enduser for the end user to buy selected digital data,

[0058] an instruction to provide the selected and bought digital data tothe end user, and

[0059] an instruction to enable the end user to decrypt and record theselected digital data.

[0060] Embodiments of the present invention will hereinafter bedescribed, by way of example, with reference to the accompanyingdrawings, in which:

[0061]FIG. 1 illustrates the downloading of audio data to an end usercomputer,

[0062]FIG. 2 illustrates the recording of an album at an end usercomputer,

[0063]FIG. 3 shows schematically an embodiment of recording apparatusfor recording audio data onto a CD utilising current CD burners, and

[0064]FIG. 4 shows schematically an embodiment of recording apparatusfor recording audio data onto a CD indicating the configuration of aspecialised CD burner.

[0065] The present invention will be described herein specifically asenabling a licensed end user to obtain digital audio data and to recordthat audio data onto a CD in a manner which renders the CD copyprotected. However, the method described herein is applicable to thedownloading and recording of digital data in general and that recordingmay be onto any appropriate data carrier.

[0066] For example, an end user may be licensed to download video,images, audio data, application data, other digital data, and/or anyrequired combination of such digital data and to record that data ontoany format CD, onto any format DVD, or to any other format of opticaldisc. The invention may also be used to control the downloading ofdigital data onto other data carriers such as mini discs, and floppydiscs. The invention is described in the following with reference to thedownloading of audio data simply by way of example and the invention isnot limited to the nature of the digital data nor to the nature or theformat of the data carrier onto which the digital data is recorded.

[0067] Similarly, in the exemplary embodiments, reference is made to aCD burner. However, it will be appreciated that the invention isapplicable to any recorder capable of recording CDs, and similarly toany recorder capable of recording onto a data carrier. It will beappreciated that the invention encompasses recording using DVDrecorders. It is expected that DVD recorders will become more generallyavailable in the short term.

[0068] The invention described herein arose to meet a specific need ofthe music industry which wanted to make audio data available over theinternet but equally wished to retain control of the uses to which thataudio data was put. There is a clear danger in enabling access to musicby way of the internet as an end user will generally have a personalcomputer which can not only act to play the downloaded audio data, butcan also act as a reader to extract the data from the downloaded audiothereby enabling ripping. In this respect, the end user computer canalso control a recorder for a CD, generally a CD burner, and thus an enduser is likely to be in possession of all of the equipment necessary notonly to download music for personal use, but also to make multiplecopies of that music for dissemination.

[0069] The music industry requires to make music available by way of theinternet, but subject to the completion of a financial transaction bywhich an end user pays for the music. In addition, whilst there isgenerally no problem in allowing an end user who has paid for the musicto record it onto a CD for personal use, for example, in a portableaudio player, in an in-car audio player, or in hi-fi apparatus, it isrequired to prevent an end user recording the music downloaded ontoseveral CDs. It is also required to copy protect the audio data on a CDrecorded by an end user. The present invention provides means enablingcontrol of the supply of the audio, and indeed other digital data, to anend user and ensures that any CD, or other data carrier, recorded by anend user is copy protected. By this means a supplier of digital music orother digital data retains control of the uses to which the downloadeddata can be put.

[0070]FIG. 1 shows schematically a scheme of the invention for enablingaudio to be downloaded by an end user in a manner controlled by asupplier, who may be, for example, a publisher of music and other audiodata. In this respect, an end user device such as an end user computer10 is to access, by way of the internet, the catalogue of a music serverwhich is indicated at 12. The music server 12, provided by a musicpublisher, will have a plurality of music tracks, as 14, available forsale. These music tracks 14 are stored on the music server 12 withoutencryption or any copy protection, although free access to the musictracks 14 is prevented, for example, by a firewall.

[0071] In known manner, the end user computer 10 is used to log onto themusic server 12 and is enabled to browse its catalogue. The end usercomputer 10 can make a selection from the catalogue of music tracks 14available on the music server 12. The end user may have an account withthe organisation controlling the music server 12 or may pay for themusic by credit card. Having chosen the music tracks 14 required,therefore, the end user computer 10 communicates by way of a transactionmanager 16 and a clearance service 18 with a bank server, indicated at20, whereby a cleared payment for the music tracks 14 to be downloadedis authorised. The satisfactory completion of the financial transactioncauses the clearance server 18 to generate one or more response codes.The provision of the response codes enables downloading of the selected,and paid for, music tracks 14.

[0072] In response to the generation of a response code, the end usercomputer 10 is caused to generate a key which is locked to the end usercomputer 10 and is individual to it. This key is generated by referenceto a key server 22 which is interrogated by the end user computer 10 inresponse to the provision of the response code. In the preferred scheme,for additional security, each music track 14 has an individual responsecode, and hence an individual and distinct key. Each key is recorded ina database held in the transaction manager 16 together with details ofthe music track 14 to which it corresponds. The transaction manager 16keeps a record of each key generated, of the corresponding music track14 selected, and of the rights to that track which have been purchased.

[0073] The manner in which the key is generated is a matter for choice.Generally it is preferred that the key is a composite which incorporatesa fingerprint of the end user computer 10 so that each key is individualto a particular user computer. Preferably, the key server 22 hosts thekeys with the key on the end user computer 10 acting as a carrier.

[0074] The information from the transaction manager 16 is then used by awrapper 24 to encrypt each music track 14 purchased. The key is used inthe encryption. The end user computer 10 may then download eachpurchased music track in an encrypted form.

[0075] It will be appreciated that as the end user computer 10 has theappropriate key locked into it, it can be enabled to decrypt eachencrypted music track 26 and play that music track. In this respect, theprocess shown in FIG. 1 may be, for example, the digital rightsmanagement and transaction process which is currently available fromMacrovision Europe Limited under the name “SafeCast”.

[0076] As explained above, it is not only required to enable an end userto download music tracks to play upon making the appropriate payment,but also to enable the end user to compile an album of such music tracksand burn them onto a CD. However, to ensure that control of thedownloaded music tracks is retained, it is required that the resultantCD produced by the end user is copy protected.

[0077] The burning onto a CD of an album compiled from a number ofencrypted and downloaded music tracks 26 provided by the rightsmanagement and transaction process shown in FIG. 1 is illustrated inFIG. 2. As indicated in FIG. 2, the end user chooses and downloads anumber of encrypted music tracks 26 which are stored in the end usercomputer 10. These music tracks are arranged by an album composer 28provided at the computer 10. This composer 28 might be configured, forexample, by software caused to be downloaded to the end user computer.Thus, an album 30 made up of a number of encrypted music tracks isformed. It will be recalled that each of the music tracks needs a keylocked into the computer 10 for its decryption. In this respect, thealbum 30 also stores with each music track information as to the rightswhich have been purchased and as to the key which is required for itsdecryption. This is the information assembled in the transaction manager16 of FIG. 1.

[0078] Where permission has been bought to burn a track, the album 30 isarranged to generate a request for a further key to the key server 22 byway of the internet. By this further transaction, a “once only” key maybe returned to a recording apparatus 32, controlled by the end usercomputer 10. This recording apparatus, which incorporates a burningengine and a burner (not shown) is then enabled to burn the decryptedtrack onto a CD 46. However, the recording apparatus 32 is also requiredand caused to copy protect the decrypted music tracks during the burningprocess. In this respect, most current CD burners can be instructed tomodify the control data written to a CD and/or to write a digitalsignature with an appropriate authentication routine to the CD wherebycopy protection techniques can be applied to the CD as it is beingburnt.

[0079] The further key which is provided to enable the recordingapparatus 32, to burn the decrypted music track onto the CD 46 isgenerally arranged to expire after a single use. This is theapplicants'known “SafeCast” technique which can be used to ensure thatonly a single copy of a downloaded music track is made. Of course, theend user may be allowed to buy rights to make more than one copy andappropriate further single use keys may be generated. Alternatively,multiple use keys may be provided.

[0080] The arrangements shown in FIG. 2 are generally provided bysoftware which is made available to the end user computer 10. Thesoftware, for example, may be downloaded by the end user computer 10when a first music track 14 is ordered by the process shown in FIG. 1.Additionally and/or alternatively, an executable application may be madeavailable to an end user computer 10 either by way of a disc or as adownloadable file from another source. In one preferred embodimentdownloadable players for music, such as Microsoft's “Media Player” maybe modified to incorporate the necessary executable application, asindicated in FIG. 2, for downloading and burning CDs utilizing methodsof the invention.

[0081]FIG. 3 illustrates how the apparatus necessary to record copyprotected and decrypted music tracks onto a CD 46 might be configuredusing existing technology. Thus, FIG. 3 shows a computer 10 incommunication with an album key server 36 by way of the Internet. Thiscomputer 10 controls a CD burner 34 to record a CD 46. Within thecomputer 10, software providing a burning engine 32 is provided. Thisburning engine 32 includes a decryptor 38.

[0082] In the computer 10 there is an album, as 30, which has beencompiled as described above to include the downloaded album tracks intheir encrypted form. The computer 10 is in communication with an albumkey server 36 which includes information as to the key required todecrypt the individual tracks and details of the rights which have beenpurchased for each track. Thus, the album key server 36 has informationas to whether the right to burn the tracks has been purchased and alsoas to the number of times that each track can be recorded. The album keyserver 36 may be part of, or communicate with, the key server 22 toreceive or generate the further key to enable recording of the album.The album key server 36 then enables the decryptor 38 within the burningengine 32 to obtain and decrypt each of the tracks with the appropriatekey and then to encode that audio track onto a CD 46 by way of theburner 34. In this respect, and as shown, the audio data, or mainchannel data is routed to the burner 34 by way of an audio data, or mainchannel 40 whereas appropriate copy protection is shown being added tothe CD 46by way of a control channel 42.

[0083] Of course, it will be appreciated that the various elementsmaking up the apparatus maybe configured in hardware, or in software orin some combination of both according to requirements. Furthermore,whilst in the embodiment shown in FIG. 3, the computer 10 is shown asproviding the necessary processing means for the software and storage ofdata, new generations of CD burners may be configured to enable them toundertake processing and storage functions.

[0084] In this respect, when using apparatus as shown in FIG. 3,unprotected, unencrypted, clear audio data can be found within the enduser computer 10 as it is such audio data which has been decrypted fromthe downloaded music tracks and which is then to be encoded onto the CD46 together with the copy protection. There is the risk, therefore, thatit may be possible to locate and tap into that audio data wherebymultiple unprotected copies thereof could be made. To guard against thisit is proposed that the next generation of CD burners should, asillustrated in FIG. 4, have incorporated therein the processingcapability and software to receive encrypted data.

[0085]FIG. 4 shows the same software and hardware elements as FIG. 3 butthe distribution of those elements across a computer 10 and a burningengine 32 and a burner 34 has been reconfigured. Thus the software forcontrolling the burner 34, which is generally known as the burningengine 32, remains within the computer 10, but a new generation ofburner 34 is provided with the capability to decrypt the music to burnonto the CD 46. It will be appreciated that the operation of theapparatus shown in FIG. 4 is substantially identical to that of FIG. 3.

[0086] It will be appreciated that the method of copy protecting theburnt CD can be chosen as required. For example, a digital signaturewhich requires that the CD be retained within a drive whilst beingplayed, as described in U.S. Pat. No. 6,353,890 may be provided.

[0087] Additionally and/or alternatively, incorrect and/or inaccuratecontrol data as described, for example, in WO 00/740453, may be encodedonto the CD. The control data which is rendered incorrect may, forexample, incorrectly identify the position on the disc of the Lead Outin the Lead In of the disc. For example, the data in the Lead In mayshow the Atime at the start of the Lead Out to be zero. Alternativelythe data in the Lead In may have a value for the Atime at the start ofthe Lead Out which occurs during a first audio track on the CD.Additionally and/or alternatively, the data on the CD identifying thenature of the tracks may incorrectly identify each audio track as a datatrack.

[0088] In a preferred embodiment, data in the Table of Contents (TOC) ofthe CD may be rendered inaccurate. In this embodiment, if the disc isarranged to have multiple sessions, the existence of most of thesesessions can be hidden from a data reader.

[0089] The methods described, for example, in WO 00/74053 prevent a datareader from extracting the data on the disc. In addition, a data readersuch as a CD-ROM drive is unable simply to play the audio which has beenburnt onto the disc. However, in the context of this invention, wherethe downloaded files can be played by the end user computer 10, theprovision of copy protection on the burnt CD which makes it possible toplay that CD only on audio players is quite acceptable.

[0090] However, it may also be possible to control new generations ofburners to employ copy protection techniques as described, for example,in WO 01/61695 and WO 01/61696. These later techniques do not generallyprevent use of a data reader to play a copy protected disc but do eitherprevent copying by a data reader or degrade any copies which can bemade.

[0091] It will be appreciated that any other methods for copy protectingcompact discs, other optical discs, and other data carriers, may beutilised if required.

[0092] It will be appreciated that the schemes illustrated in each ofFIGS. 1 to 4 require appropriate software routines for theirimplementation. The provision of the appropriate software routines iswithin the competence of those skilled in the art and further detailsthereof are not required.

[0093] It will be appreciated that modifications and variations may bemade to the embodiments as described and illustrated within the scope ofthe accompanying claims.

1. A method of enabling a licensed end user to record digital data, themethod comprising the steps of providing, at the request of a licensedend user, digital data in encrypted form, and enabling the licensed enduser to record the decrypted digital data onto a data carrier, themethod further comprising the step of requiring that the decrypteddigital data can only be recorded onto the data carrier together withmeans which provide copy protection for the decrypted digital data.
 2. Amethod of enabling a licensed end user to record digital data as claimedin claim 1, the method comprising the further step of enabling thelicensed end user to decrypt and play the digital data provided.
 3. Amethod of enabling a licensed end user to record digital data as claimedin claim 1 or claim 2, wherein the method comprises the step oflicensing the end user upon completion of a financial transactionbetween the end user and a supplier of digital data to decrypt and playthe digital data provided.
 4. A method of enabling a licensed end userto record digital data as claimed in any preceding claim, wherein themethod comprises the step of licensing the end user upon completion of afinancial transaction between the end user and a supplier of digitaldata to record the decrypted data, in copy protected form, onto a numberof data carriers.
 5. A method of enabling a licensed end user to recorddigital data as claimed in claim 4, wherein the licensed end user isonly enabled to record the decrypted data, in copy protected form, ontoa single data carrier.
 6. A method of enabling a licensed end user torecord digital data as claimed in any preceding claim, wherein the meansrecorded onto the data carrier to provide copy protection for thedecrypted digital data comprises a digital signature and a verificationroutine requiring access to the digital signature.
 7. A method ofenabling a licensed end user to record digital data as claimed in anypreceding claim, wherein to record means onto the data carrier toprovide copy protection for the decrypted digital data, the methodcomprises encoding incorrect and/or inaccurate control data onto thedata carrier, the control data which is incorrect and/or inaccuratebeing usuable by a reader of the digital data.
 8. A method of enabling alicensed end user to record digital data as claimed in claim 7, whereinthe incorrect control data encoded onto the data carrier is eitherinaccessible, not generally read, or is generally ignored during playingof the digital data.
 9. A method of enabling a licensed end user torecord digital data as claimed in any preceding claim, wherein to recordmeans onto the data carrier to provide copy protection for the decrypteddigital data, the method comprises altering format and/or control dataprovided on the recordable data carrier.
 10. A method of enabling alicensed end user to record digital data as claimed in any precedingclaim, wherein the digital data to be recorded has been downloaded byway of the internet.
 11. A method of enabling a licensed end user torecord digital data as claimed in any preceding claim, wherein thedigital data is audio data, video, images and/or application files andthe data carrier is an optical disc such as a CD or a DVD.
 12. A methodof enabling a licensed end user to obtain and record digital data asclaimed in any preceding claim, the method further comprising providingdigital data required by the end user after encryption of the digitaldata using a key generated by and stored by the end user, completing afinancial transaction between the end user and the supplier of thedigital data to licence the end user to obtain the digital data, andindicating the completion of the financial transaction whereby the enduser is enabled to obtain and decrypt the encrypted digital datautilising the key stored by the end user.
 13. A method of enabling alicensed end user to obtain and record digital data as claimed in claim12, further comprising storing the encrypted digital data at the enduser with information identifying the licensed rights obtained by thefinancial transaction, and, where the licensed rights include a right torecord the digital data, generating a request to obtain a further keyenabling recording of the decrypted digital data.
 14. A method ofenabling a licensed end user to obtain and record digital data asclaimed in claim 13, wherein the further key is caused to expire oncethe licensed recording of the digital data has been undertaken. 15.Apparatus for enabling a licensed end user to record digital data, saidapparatus comprising processing means arranged to receive digital datain encrypted form and to decrypt the received digital data, andrecording means for recording the decrypted digital data onto a datacarrier, the apparatus further comprising means constraining therecording means to record the decrypted digital data onto a data carriertogether with means protecting the digital data against copying. 16.Apparatus for enabling a licensed end user to record digital data asclaimed in claim 15, said apparatus further comprising a player forplaying the decrypted digital data.
 17. Apparatus for enabling alicensed end user to record digital data as claimed in claim 15 or claim16, wherein said processing means is incorporated into an end userapparatus, and wherein said end user apparatus also incorporates a mediaplayer able to play the decrypted digital data.
 18. Apparatus forenabling a licensed end user to record digital data as claimed in any ofclaims 15 to 17, wherein said apparatus comprises an end user computerincorporating said processing means and said recording means. 19.Apparatus for enabling a licensed end user to record digital data asclaimed in any of claims 15 to 17, wherein the recording means isprovided in a recording apparatus which also comprises decryption meansfor decrypting the digital data, the recording apparatus furthercomprising communication means arranged to receive external informationenabled to control said decryption means.
 20. Apparatus for enabling alicensed end user to record digital data as claimed in claim 19, whereinsaid recording apparatus further comprises copy protection means forencoding and recording copy protection information onto a data carrier.21. A data carrier carrying copy protected digital data which has beenrecorded thereon by a method as claimed in any of claims 1 to 14 and/orby an apparatus as claimed in any of claims 15 to
 20. 22. An executableapplication file arranged to cause the operation of an apparatus torecord digital data as claimed in any of claims 15 to
 20. 23. Anexecutable application file arranged to cause an end user device torecord digital data onto a data carrier, the application filecomprising: an instruction to retain a key which has been used toencrypt digital data, an instruction to obtain a further key to enablerecording of the digital data, an instruction to decrypt the digitaldata using the retained encryption key, and an instruction responsive tothe receipt of the further key to cause recording of the decrypteddigital data with the addition of copy protection for the digital data.24. An executable application file as claimed in claim 23, furthercomprising an instruction to access a catalogue for a databasecontaining individual digital data files, and an instruction to generatea respective one of said keys for each digital data file selected. 25.An executable application file as claimed in claim 24, wherein theinstruction to generate a key is dependent upon the completion of afinancial transaction between the end user and a controller of thedatabase of digital data.
 26. A method of enabling a licensed end userto record digital data, the method comprising the steps of: licensingthe end user upon completion of a financial transaction between the enduser and a supplier of digital data to have agreed rights over selecteddigital data, enabling the licensed end user to obtain the selecteddigital data and to use the selected digital data in accordance with thelicensed rights, and enabling recording by the end user of the selecteddigital data onto a data carrier, wherein the selected digital data ismade available in encrypted form and the end user is enabled to decryptthe selected digital data for licensed use and licensed recording.
 27. Amethod of enabling a licensed end user to record digital data as claimedin claim 26, further comprising enabling the licensed end user todownload the selected digital data over the internet.
 28. A method ofenabling a licensed end user to record digital data as claimed in claim26 or claim 27, further comprising providing the selected digital dataafter its encryption by a key generated by and stored by the end user,the end user being enabled to decrypt the encrypted digital data usingthe key stored by the end user.
 29. A method of enabling a licensed enduser to record digital data as claimed in any of claims 26 to 28,further comprising storing the selected digital data at the end userwith information identifying the licensed rights obtained by thefinancial transaction, and, where the licensed rights include a right torecord the selected digital data, generating a request to obtain afurther key enabling recording of the selected digital data.
 30. Amethod of enabling a licensed end user to record digital data as claimedin claim 29, wherein the further key is caused to expire once thelicensed recording of the selected digital data has been undertaken. 31.A method of enabling a licensed end user to record digital data asclaimed in any of claims 26 to 30, the method further comprising thestep of requiring that the selected digital data can only be recordedonto the data carrier together with means which provide copy protectionfor the selected digital data.
 32. A method of enabling a licensed enduser to record digital data as claimed in claim 31, wherein the meansrecorded onto the data carrier to provide copy protection for theselected digital data comprises a digital signature and a verificationroutine requiring access to the digital signature.
 33. A method ofenabling a licensed end user to record digital data as claimed in any ofclaims 26 to 32, wherein to record means onto the data carrier toprovide copy protection for the selected digital data, the methodcomprises encoding incorrect and/or inaccurate control data onto thedata carrier, the control data which is incorrect and/or inaccuratebeing usuable by a reader of the digital data.
 34. A method of enablinga licensed end user to record digital data as claimed in claim 33,wherein the incorrect control data encoded onto the data carrier iseither inaccessible, not generally read, or is generally ignored duringplaying of the digital data.
 35. Apparatus for enabling a licensed enduser to record selected digital data, said apparatus comprisingprocessing means arranged to communicate with a financial server wherebya financial transaction can be completed to obtain for the end userrights over selected digital data, the processing means being arrangedupon completion of the financial transaction to obtain the selecteddigital data and to use the selected digital data in accordance with thelicensed rights, and the apparatus further comprising recording meansfor recording the selected digital data onto a data carrier, wherein theselected digital data is made available in encrypted form and theprocessing means is enabled to decrypt the selected digital data forlicensed use and for licensed recording.
 36. Apparatus for enabling alicensed end user to record digital data as claimed in claim 35, whereinthe processing means is enabled to download the selected digital dataover the internet.
 37. Apparatus for enabling a licensed end user torecord digital data as claimed in claim 35 or claim 36, furthercomprising means to generate and store a key, and means to communicatethe key to the financial server to cause encryption of the selecteddigital data using the key.
 38. Apparatus for enabling a licensed enduser to record digital data as claimed in any of claims 35 to 37,further comprising means for storing the selected digital data withinformation identifying the licensed rights obtained by the financialtransaction, and, where the licensed rights include a right to recordthe selected digital data, means for generating a request to obtain afurther key enabling recording of the selected digital data. 39.Apparatus for enabling a licensed end user to record digital data asclaimed in any of claims 35 to 38, wherein said recording meanscomprises copy protection means for recording copy protectioninformation on a data carrier with the selected digital data. 40.Apparatus for enabling a licensed end user to record digital data asclaimed in any of claims 35 to 39, said apparatus further comprising aplayer for playing the selected and decrypted digital data. 41.Apparatus for enabling a licensed end user to record digital data asclaimed in any of claims 35 to 40, wherein said processing means isincorporated into an end user apparatus, and wherein said end userapparatus also incorporates a media player able to play the decrypteddigital data.
 42. Apparatus for enabling a licensed end user to recorddigital data as claimed in any of claims 35 to 41, wherein saidapparatus comprises an end user computer incorporating said processingmeans and said recording means.
 43. Apparatus for enabling a licensedend user to record digital data as claimed in any of claims 35 to 42,wherein the recording means is provided in a recording apparatus whichalso comprises decryption means for decrypting the digital data, therecording apparatus further comprising communication means arranged toreceive external information enabled to control said decryption.
 44. Adata carrier carrying digital data which has been recorded thereon by amethod as claimed in any of claims 26 to 34, and/or by an apparatus asclaimed in any of claims 35 to
 43. 45. An executable application filearranged to cause the operation of an apparatus to record digital dataas claimed in any of claims 35 to
 43. 46. An executable application filearranged to enable an end user device to record digital data onto a datacarrier, the application file comprising: an instruction to complete afinancial transaction with an end user for the end user to buy selecteddigital data, an instruction to provide the selected and bought digitaldata to the end user, and an instruction to enable the end user todecrypt and record the selected digital data.
 47. An executableapplication file as claimed in claim 46, further comprising aninstruction to enable access to a catalogue for a database containingdigital data, and an instruction to generate an encryption key for eachdigital data file chosen by the end user.